package io.github.enbool.security;

import org.apache.commons.lang3.ArrayUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.builders.InMemoryClientDetailsServiceBuilder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

import io.github.enbool.properties.OAuth2ClientProperties;
import io.github.enbool.properties.OAuth2SecurityProperties;



@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter  {

	private final static String REALM = "OAUTH_REALM";
	
	@Autowired
	private AuthenticationManager authenticationManager;
	
	@Autowired
	private UserDetailsService userDetailsService;
	
	@Autowired
	private TokenStore tokenStore;
	
	@Autowired(required = false)
	private JwtAccessTokenConverter jwtAccessTokenConverter;
	
	@Autowired
	private OAuth2SecurityProperties oAuth2SecurityProperties;
	
	@Override
	public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
		endpoints
				.tokenStore(tokenStore)
				.authenticationManager(authenticationManager)
				.userDetailsService(userDetailsService);
		
		if(jwtAccessTokenConverter != null) {
			endpoints.accessTokenConverter(jwtAccessTokenConverter);
		}
	}

	@Override
	public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
		security.realm(REALM + "/client").tokenKeyAccess("isAuthenticated()");
	}

	@Override
	public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
		
		InMemoryClientDetailsServiceBuilder builder = clients.inMemory();
		
		if(ArrayUtils.isNotEmpty(oAuth2SecurityProperties.getOauth2().getClients())) {
			for(OAuth2ClientProperties client : oAuth2SecurityProperties.getOauth2().getClients()) {
				builder.withClient(client.getClientId())
					   .secret(client.getClientSecret())
					   .authorizedGrantTypes("password", "authorization_code", "refresh_token")
					   .scopes("all", "read", "write")
					   .accessTokenValiditySeconds(client.getAccessTokenValiditySeconds())
					   .refreshTokenValiditySeconds(3600 * 24 * 30);
					   //.refreshTokenValiditySeconds(60 * 2);
			}
		}
	}	
}
